When I joined the Navy in 1970, the projection of Naval sea power was all about strategies to deploy Marines, ships, submarines, and aircraft above, below, and on the sea. Today, there’s a new complication—cybersecurity— as data has become weaponized and hackers seek to attack all manner of targets—companies, cities, nations, even the ships where I once worked.
At the same time, cyberattackers, and their rising diversity and sophistication, offer an opportunity to innovate and grow new markets. You can see what that looks like in San Diego, where I live and work.
San Diego has long been a center of America’s national defense, and the infrastructure and businesses that support it. The cyber age—and San Diego’s savvy response to it—has changed the nature of that defense. San Diego is now home to more than 100 cybersecurity companies that employ 4,230 people in the region. That’s on top of the 3,390 employees who work at the U.S. Navy’s Space and Naval Warfare Command (SPAWAR). And those numbers are growing rapidly.
In just two years, between 2013 and 2015, information security analysts grew by 13.9 percent per year on average in San Diego, nearly double the national 7 percent average, and employers expect their cybersecurity workforce to grow by an additional 13 percent in the coming year, according to a 2016 study for which my nonprofit and other San Diego institutions conducted research. The annual economic impact of the industry is already estimated at $1.9 billion—that’s the equivalent of hosting four Super Bowls each year—and puts San Diego on par with sister cyber hubs in Silicon Valley and Maryland.
This rapid growth is not merely a matter of technological change. It reflects strategic efforts by people and sectors across San Diego—the military and intelligence community, high tech industries, academia, municipalities, utilities, transportation agencies, and the region’s various governments—to become a leader in cybersecurity.
I play a role as leader of the San Diego Cyber Center of Excellence (CCOE), a nonprofit established in 2014 by cyber industry, higher education, and government leaders to address cybersecurity challenges here. To become a center of this new line of defense, the region has had to tackle three tasks crucial to the sector’s success. San Diego is cultivating a cyber workforce, showcasing its successes in cutting-edge technologies, and fostering a more secure cyber environment across the region’s institutions. (Being a leader in cybersecurity can make you a bigger target to attack.)
These challenges resulted from regional economic planning, in particular the San Diego Regional Economic Development Corporation’s cybersecurity economic impact study. In some places, regional economic reports get dismissed, but not this report and not here. The report identified a clear top challenge: the sourcing and development of a cyber workforce. This is what drew me to this work and the CCOE—the opportunity to help find and secure the next generation of cyberwarriors was too good to pass up.
To start, our team convened leaders in industry, government, and all 15 of the cybersecurity, computer science, and engineering deans from regional universities, colleges, and extended studies programs to discuss greater alignment between academic supply and industry demand. The collaboration has been highly productive. It helped create a catalogue of courses that universities and programs offered, or could add, to meet the skill sets sought by the industry. It also generated a regional cyber Job Board, as well as an Internship Pipeline and Link2Cyber programs that connect students, recent graduates, veterans, and seasoned professionals with career opportunities in the region.
Not only are these cybersecurity positions in demand, but the average annual salary for analysts, computer scientists, and software developers is six figures, according to that 2016 economic impact study that CCOE helped conduct.
The combination of wages and opportunity have made San Diego a hotspot for talent, investment, and research and development. The region’s universities and colleges annually graduate 3,000 students in the computer science and engineering fields. The University of San Diego and California State University San Marcos recently launched cybersecurity masters programs with industry-driven curricula to help feed the pipelines. The region’s higher education sector also supports trailblazing research at facilities like the Super Computing Center at UC San Diego and the Advanced Computing Environments Laboratory at San Diego State University.
Demand for talent is being driven by a convergence of commercial security and defense security. This creates a real community around cybersecurity. Industry leaders such as Qualcomm, ESET, ViaSat, and iboss call San Diego home, citing access to clients, customers, vendors, suppliers, and proximity to SPAWAR as the region’s greatest strengths.
San Diego is likely to see more growth as the industry moves toward private sector customers. The share of firms focused primarily on the commercial market (as opposed to military and defense) has grown substantially, now constituting 47 percent of the sector in San Diego. This shift reflects the importance of practical applications of cybersecurity, like protecting healthcare and financial data, and energy and water grids. This is good news in an age where the Internet of Things (IoT), electromagnetic pulse (EMP) blasts, mass grid outages, and ransomware attacks are no longer just Marvel Comics storylines.
San Diego as a regional hub is also mobilizing to address potential threats to its own infrastructure. The Secure San Diego initiative, launched earlier this year, is, among other things, generating a regional cyber response map for businesses and a regional incident response management plan similar to state of emergency protocols used in natural disasters.
Sometimes I marvel at how threats and defense strategies have evolved since my time as commander of SPAWAR, but the one constant of war remains: You can’t go it alone. While San Diego has developed a cybersecurity sector, cyber threats have no geographic or industry bounds, and the need for qualified cybersecurity workers is increasing. My hope is that San Diego can serve as a template to mobilize other regions to adopt best practices and grow our nation’s next generation of cyberwarriors, defenses, and innovations.